##// END OF EJS Templates
u » ewong » rhodecode-enterprise-ce-fork
RSS

Fork of rhodecode-enterprise-ce

quick-filter: make sure we always apply IN filter query. Otherwise we can...
marcink -
r2167:23aaeb72 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -104,7 +104,7 b' class HomeView(BaseAppView):'
104 def _get_repo_list(self, name_contains=None, repo_type=None, limit=20):
104 def _get_repo_list(self, name_contains=None, repo_type=None, limit=20):
105 allowed_ids = self._rhodecode_user.repo_acl_ids(
105 allowed_ids = self._rhodecode_user.repo_acl_ids(
106 ['repository.read', 'repository.write', 'repository.admin'],
106 ['repository.read', 'repository.write', 'repository.admin'],
107 cache=False, name_filter=name_contains)
107 cache=False, name_filter=name_contains) or [-1]
108
108
109 query = Repository.query()\
109 query = Repository.query()\
110 .order_by(func.length(Repository.repo_name))\
110 .order_by(func.length(Repository.repo_name))\
@@ -139,7 +139,7 b' class HomeView(BaseAppView):'
139 def _get_repo_group_list(self, name_contains=None, limit=20):
139 def _get_repo_group_list(self, name_contains=None, limit=20):
140 allowed_ids = self._rhodecode_user.repo_group_acl_ids(
140 allowed_ids = self._rhodecode_user.repo_group_acl_ids(
141 ['group.read', 'group.write', 'group.admin'],
141 ['group.read', 'group.write', 'group.admin'],
142 cache=False, name_filter=name_contains)
142 cache=False, name_filter=name_contains) or [-1]
143
143
144 query = RepoGroup.query()\
144 query = RepoGroup.query()\
145 .order_by(func.length(RepoGroup.group_name))\
145 .order_by(func.length(RepoGroup.group_name))\
Show file before | Show file after | Hide comments
@@ -122,6 +122,11 b' def in_filter_generator(qry, items, limi'
122 *in_filter_generator(Repository.repo_id, range(100000))
122 *in_filter_generator(Repository.repo_id, range(100000))
123 )).count()
123 )).count()
124 """
124 """
125 if not items:
126 # empty list will cause empty query which might cause security issues
127 # this can lead to hidden unpleasant results
128 items = [-1]
129
125 parts = []
130 parts = []
126 for chunk in xrange(0, len(items), limit):
131 for chunk in xrange(0, len(items), limit):
127 parts.append(
132 parts.append(
General Comments 0
You need to be logged in to leave comments. Login now